Verizon’s annual data breach report for 2024 (DBIR) adjusted its investigative categories to fine-tune results. Last year, bad actors exploited known vulnerabilities to gain unauthorized access and deployed ransomware and other extortion-related threats against businesses in nearly every industry. 92% of business sectors experienced some kind of cyber threat. Most attack vectors used web applications as their primary pathway, underscoring the need for a more secure network.
Human error remains the primary contributor to cybercrime. Most compromises involved third-party vendors associated with an organization’s software supply chain. Stronger defenses against third-party infiltration would mitigate threat activity, and comprehensive training can reduce the type of human error that can create vulnerabilities. The current landscape underscores the need for a defensive infrastructure to hamper unauthorized intrusion.
Cybersecurity Landscape
Cybercrime is a business; like any business, return on investment plays a role in allocating resources. Although million-dollar breaches make headlines, most extortion threats result in losses of less than $50,000 and thus often go unreported. These bigger, headline-grabbing attacks take thousands of hours to execute and are usually perpetrated by organized crime or state-sponsored groups.
One of the most disturbing trends in cybercrime is that criminals no longer need sophisticated skills to execute sophisticated attacks. Instead, they can access tools on the Dark Web created by others with those skills. Hackers create bots that crawl the web, looking for the exact vulnerabilities that the cyber tool exploits. When these bots find a suitable victim, they ping the hacker, who then uses the tool to gain access.
According to Verizon’s DBIR, the average ransom is around $46,000. A hacker could attack one victim weekly and earn $200,000 a month. That’s more than $2 million a year. For a few thousand in upfront investment, they can buy ransomware, spend a few hours building a bot, and wait for a ping. For cybercriminals, the return on investment is worth the risk.
Security Challenges
The most significant cybersecurity challenge right now is a lack of qualified professionals. Many specialists work the equivalent of two jobs to keep their enterprise safe. They struggle to keep up with new tools augmented by artificial intelligence (AI). According to the World Economic Forum, only 14% of organizations have sufficient expertise to secure their networks.
AI-generated tools have made it possible to carry out sophisticated social engineering attacks with little technical skill. For example, new tools make phishing easier. AI-generated emails mimic human interaction, convincing users to provide information or grant access. Legitimate AI-powered applications pose a threat as more organizations deploy business applications without adequate testing to identify possible vulnerabilities.
Supply chain interdependencies further increase the risk of ransomware attacks. An unsecured vendor network can facilitate widespread attacks. Over half of large organizations consider supply chain vulnerabilities the primary impediment to a secure network. Given the increased threat from multiple vectors, businesses must make changes to secure their network infrastructure.
Building a Secure Network
The DBIR found that most threats come from web applications. Companies using the cloud may lack the expertise to ensure security at the edge. With an ongoing labor shortage, many businesses must implement technologies that strengthen networks without increasing IT workload, such as virtual private networks (VPNs) and software-defined wide-area networks (SD-WAN).
Virtual Private Networks (VPNs)
VPNs secure communication transmitted between two points. They create tunnels for sending data, mask IP addresses, and make it difficult for hackers to track online activity. VPNs also encrypt data sent through these tunnels, reducing the risk of unauthorized access to sensitive data. Thus, VPNs provide a secure method for organizations that allow remote access to their network, especially for employees or vendors who use public networks.
Software Defined Wide Area Networks (SD-WAN)
SD-WAN is an application that sits on top of network hardware. It simplifies network management, improves performance, and enhances security. SD-WAN solutions provide end-to-end visibility for more secure operations. While VPNs offer entry-level security, SD-WAN can enforce more fine-grained security policies.
VPNs authenticate users and establish a secure connection. Once a user is authenticated, the VPN does nothing further to restrict access. SD-WAN applications support zero-trust architectures, requiring authentication whenever a resource is requested. This requirement prevents unauthorized users from moving unimpeded through a network. SD-WAN also supports next-generation firewalls and in-transit encryption. If cybercriminals intercept any data, the encryption renders it unusable.
Unfortunately, many organizations lack the expertise to fully implement SD-WAN solutions. SD-WANs support zone-based firewalls that can control what Internet of Things (IoT) devices can access. The application stipulates the network destinations a single device can access, limiting hackers’ ability to compromise an entire network.
Gateways
Gateways are devices that control access between two networks. Using different communication methods, they act as a bridge that allows traffic to move between networks. A wireless gateway acts as an entry point to a network from external sources such as the Internet or a cellular network. These devices pose a significant threat to network security if left unsecured.
Planet’s cellular wireless gateway uses built-in IPSec VPN functionality. The protocol authenticates connected devices, creates an encrypted tunnel, and verifies that data packets come from a trusted source. It supports DES/3DES/AES encryption methods and multiple authentication algorithms such as MD5, SHA-1, SHA-256, SHA-384, and SHA-512.
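The supported list above mixes current algorithms with older ones, so tunnel profiles are worth auditing before deployment. The following is an added example, not vendor code: the profile format, the sample tunnels, and the ok/legacy/reject policy are assumptions of this sketch.

```python
import re

# Example policy (an assumption of this sketch, not vendor guidance):
# one verdict for each algorithm the page lists as supported.
POLICY = {
    "DES": "reject",     # 56-bit key, brute-forceable
    "3DES": "legacy",    # 64-bit block size limits safe data volume
    "AES": "ok",
    "MD5": "reject",     # practical collisions
    "SHA-1": "legacy",   # practical collisions
    "SHA-256": "ok",
    "SHA-384": "ok",
    "SHA-512": "ok",
}
RANK = {"ok": 0, "legacy": 1, "unknown": 2, "reject": 3}


def normalize(name):
    """Map spellings such as 'sha1', 'SHA_256', 'aes-256' to POLICY keys."""
    n = re.sub(r"[\s_\-]", "", name.upper())
    if n.startswith("AES"):
        return "AES"
    m = re.fullmatch(r"SHA(1|256|384|512)", n)
    if m:
        return "SHA-" + m.group(1)
    return n


def audit(profiles):
    """Return {tunnel name: {'verdict': worst verdict, 'weak': [algorithms]}}."""
    findings = {}
    for p in profiles:
        verdicts = []
        for field in ("encryption", "integrity"):
            algo = normalize(p[field])
            # Anything outside the policy table is flagged for manual review.
            verdicts.append((algo, POLICY.get(algo, "unknown")))
        worst = max(verdicts, key=lambda v: RANK[v[1]])[1]
        weak = [a for a, v in verdicts if v != "ok"]
        findings[p["name"]] = {"verdict": worst, "weak": weak}
    return findings


# Constructed sample tunnel profiles (hypothetical names and settings).
SAMPLE = [
    {"name": "branch-a", "encryption": "AES-256", "integrity": "SHA-256"},
    {"name": "legacy-plc", "encryption": "3des", "integrity": "sha1"},
    {"name": "old-vendor", "encryption": "DES", "integrity": "MD5"},
]

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result["verdict"], result["weak"])
```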
The ICG-2515F-NR gateway has a built-in stateful packet inspection (SPI) firewall that can mitigate DoS/DDoS attacks for more robust intrusion protection. Its virtual server and DMZ functionality can support secure but separate intranet and internet access. The device has HTTPS web and SNMP management interfaces for platform-independent installations.
Training
Verizon’s latest report shows employee errors are the number one contributor to data breaches. Employees are also the last line of defense against a potential compromise. Hackers cannot gain access if employees don’t click on nefarious links or respond to suspicious emails. Regular training provides employees with the information necessary to identify potential cyber threats, reducing the risk of a successful compromise.
Training is a critical defense mechanism for most organizations facing cybersecurity labor shortages. Finding the proper hardware to protect a network with minimal human intervention can free staff to concentrate on securing other parts of the network. Planet Technology USA offers a range of network components, switches, and gateways to help secure any network.


